nginx 1.20.0 release

After a year of development, nginx 1.20.0 has been released as a new stable branch of the high-performance HTTP server and multi-protocol proxy server, incorporating the changes accumulated in the 1.19.x main branch. From now on, all changes in the stable 1.20 branch will be limited to fixes for serious bugs and vulnerabilities. The nginx 1.21 main branch will be formed soon, and development of new features will continue there. Ordinary users who do not need to ensure compatibility with third-party modules are advised to use the main branch, which is the basis for the releases of the commercial product Nginx Plus, formed every three months.

According to the March report from Netcraft, nginx is used on 20.15% of all active sites (a year ago 19.56%, two years ago 20.73%), which corresponds to second place in popularity in this category (Apache's share is 25.38% (a year ago 27.64%), Google - 10.09%, Cloudflare - 8.51%). At the same time, when all sites are considered, nginx retains its lead and holds 35.34% of the market (a year ago 36.91%, two years ago - 27.52%), while Apache's share is 25.98%, OpenResty (a platform based on nginx and LuaJIT) - 6.55%, Microsoft IIS - 5.96%.

Among the million most visited sites in the world, nginx's share is 25.55% (a year ago 25.54%, two years ago 26.22%). Currently, about 419 million websites run Nginx (459 million a year ago). According to W3Techs, nginx is used on 33.7% of the million most visited sites; in April of last year this figure was 31.9%, and the year before that - 41.8% (the decline is explained by the switch to separate accounting of the Cloudflare http server). Apache's share fell over the year from 39.5% to 34%, and Microsoft IIS's share from 8.3% to 7%. LiteSpeed's share grew from 6.3% to 8.4%, and Node.js from 0.8% to 1.2%. In Russia, nginx is used on 79.1% of the most visited sites (a year ago - 78.9%).

The most notable improvements added during the development of the 1.19.x upstream branch:

  • Added the ability to verify client certificates using external services based on the OCSP (Online Certificate Status Protocol) protocol. The ssl_ocsp directive enables the check, ssl_ocsp_cache configures the cache size, and ssl_ocsp_responder overrides the URL of the OCSP handler specified in the certificate.
  • The ngx_stream_set_module module is included, which allows you to assign a value to a variable:

        server {
            listen 12345;
            set $true 1;
        }
  • Added the proxy_cookie_flags directive to specify flags for Cookies in proxied connections. For example, to add the "httponly" flag to the Cookie "one", and the "nosecure" and "samesite=strict" flags to all other Cookies, you can use the following construction:

        proxy_cookie_flags one httponly;
        proxy_cookie_flags ~ nosecure samesite=strict;

    A similar userid_flags directive for adding flags to Cookies is also implemented for the ngx_http_userid module.

  • Added the "ssl_conf_command", "proxy_ssl_conf_command", "grpc_ssl_conf_command" and "uwsgi_ssl_conf_command" directives, with which you can set arbitrary OpenSSL configuration parameters. For example, to prioritize ChaCha ciphers and for advanced configuration of TLSv1.3 ciphers, you can specify:

        ssl_conf_command Options PrioritizeChaCha;
        ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
  • Added the "ssl_reject_handshake" directive, which instructs nginx to reject all attempts to negotiate SSL connections (for example, it can be used to reject all requests with unknown host names in the SNI field):

        server {
            listen 443 ssl;
            ssl_reject_handshake on;
        }

        server {
            listen 443 ssl;
            server_name example.com;
            ssl_certificate example.com.crt;
            ssl_certificate_key example.com.key;
        }
  • The proxy_smtp_auth directive has been added to the mail proxy, allowing you to authenticate the user on the backend using the AUTH command and the PLAIN SASL mechanism.
  • Added the "keepalive_time" directive, which limits the total lifetime of each keep-alive connection, after which the connection will be closed (not to be confused with keepalive_timeout, which defines the inactivity time after which a keep-alive connection is closed).
  • Added the $connection_time variable, through which you can obtain the connection duration in seconds with millisecond precision.
  • A "min_free" parameter has been added to the "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path" and "uwsgi_cache_path" directives, which regulates the cache size based on the minimum amount of free disk space.
  • The "lingering_close", "lingering_time" and "lingering_timeout" directives have been adapted to work with HTTP/2.
  • The connection-handling code in HTTP/2 has been brought closer to the HTTP/1.x implementation. Support for the separate settings "http2_recv_timeout", "http2_idle_timeout" and "http2_max_requests" has been discontinued in favor of the "keepalive_timeout" and "keepalive_requests" settings. The "http2_max_field_size" and "http2_max_header_size" settings have been removed, and "large_client_header_buffers" should be used instead.
  • Added a new command line option "-e", which allows you to specify an alternative file for writing the error log, which will be used instead of the log specified in the settings. Instead of a file name, you can specify the special value stderr.
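
A server configuration for the OCSP client-certificate check described in the first item of the list above, added here as an illustration and not taken from the nginx release notes. The file names, resolver address, cache zone name and responder URL are placeholders; ssl_verify_client and resolver are included because OCSP validation of client certificates depends on them.

```nginx
# Added example: mutual TLS with OCSP revocation checking of client certificates.
# All paths, names and addresses below are placeholders.

events {}

http {
    # Needed so nginx can resolve the host name of the OCSP responder.
    resolver 192.0.2.53;

    server {
        listen 443 ssl;
        server_name example.com;

        ssl_certificate     example.com.crt;
        ssl_certificate_key example.com.key;

        # Client certificates must chain to this CA bundle.
        # OCSP validation only runs when ssl_verify_client is "on" or "optional".
        ssl_client_certificate client-ca.crt;
        ssl_verify_client      on;

        # "on" validates the whole client certificate chain via OCSP;
        # "leaf" would validate the client certificate only.
        ssl_ocsp on;

        # Cache client certificate status in shared memory so that
        # not every handshake triggers a request to the responder.
        ssl_ocsp_cache shared:ocsp_clients:10m;

        # Optional: override the responder URL taken from the certificate's
        # Authority Information Access extension (only http:// is supported).
        ssl_ocsp_responder http://ocsp.example.com/;

        location / {
            # $ssl_client_verify holds the verification result, which is
            # useful in access logs when debugging rejected clients.
            add_header X-Client-Verify $ssl_client_verify always;
            return 200 "client certificate accepted\n";
        }
    }
}
```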

Source: opennet.ru
